UNPKG

mcp-server-semgrep

Version:

MCP Server for Semgrep Integration - static code analysis with AI

github.com/Szowesgad/mcp-server-semgrep

Szowesgad/mcp-server-semgrep

28 lines (27 loc) 829 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
rules: - id: django-using-request-post-after-is-valid patterns: - pattern-inside: | def $FUNC(request, ...): ... - pattern-inside: | if $FORM.is_valid(): ... - pattern-either: - pattern: request.POST[...] - pattern: request.POST.get(...) message: Use $FORM.cleaned_data[] instead of request.POST[] after form.is_valid() has been executed to only access sanitized data languages: [python] severity: WARNING metadata: category: security cwe: "CWE-20: Improper Input Validation" references: - https://docs.djangoproject.com/en/4.2/ref/forms/api/#accessing-clean-data confidence: MEDIUM likelihood: MEDIUM impact: MEDIUM subcategory: - audit technology: - django